Category FILE
Started On 2014-07-09 16:38:16
Completed On 2014-07-09 16:41:15
Duration 179 seconds
Cuckoo Version 1.2-dev

Machine machine3
Label winxpmacine3
Manager VirtualBox
Started On 2014-07-09 16:38:17
Shutdown On 2014-07-09 16:41:14

File Details

File name report_id_875893475983475934759384.exe
File size 135680 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
CRC32 1A66FA5A
MD5 d8ab2694a8aaa0fa729ac0fcc93767a2
SHA1 595d8478c20a9f3f8b7e09273cd359769b85cda7
SHA256 340f2b67e7b8fe5717955836518c316f38dd4f9cb2511dc75df4be09cfd7a8b7
SHA512 b433658264eb54bd38642597b5c739d6d413a9d78c90495d7cf6934e71c30b03a96d025541698033d3387f0b19293a9698c3b97dc89e8c7be5683ae75b731d7b
Ssdeep None
PEiD None matched
Yara None matched
VirusTotal
VirusTotal Scan Date: 2014-07-09 20:34:15
Detection Rate: 3/54

Signatures

File has been identified by at least one AntiVirus on VirusTotal as malicious
Installs itself for autorun at Windows startup

Static Analysis

Version Infos

Sections

Imports

Strings

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

Behavior Summary

Files
  • C:\
Mutexes Nothing to display.
Registry Keys
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Disk\Enum
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall

Processes

report_id_875893475983475934759384.exe PID: 508, Parent PID: 260

Volatility

Nothing to display.